Good practices on PHP: How to store login and pass


#1

Hi all!!

Can someone give a good tip on how to store MySQL database login and password information to be used in PHP + MySQL? Or recommend me some place where I can retrieve this information?

Thanks in advance for any help!


#2

you’re talking about the username and password for the mysql user, right?

i don’t know how good this is, but i’m happy with it. i have a php file outside DOCUMENT_ROOT that includes define()s with username, password, hostname, and database name for mysql. i change the permissions to 600 so nobody else on the shared server can read the file, and it’s already inaccessible through http since it’s not under DOCUMENT_ROOT. i simply require_once() that file, then use the names defined in it when connecting. it looks something like this:

mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASS);
mysql_select_db(MYSQL_DBNAME);

also, the file with the defines is named starting with a dot so it’s hidden, and the file with mysql_connect is also stored outside DOCUMENT_ROOT.

track7 - my dream-hosted site
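
The layout described in the post above can be checked from the shell. This is an added example, not part of the original posts: the function names and return codes are this example's own, and it only verifies the two properties the post relies on (the file sits outside DOCUMENT_ROOT and has no group or other permission bits, as with mode 600).

```shell
#!/bin/sh
# Added example: audit a PHP credentials file against the layout in the post.
# Function names and return codes are hypothetical, chosen for this example.
# Usage (paths are yours to supply): check_cred_file FILE DOCROOT; echo $?

# resolve_dir DIR: print the physical (symlink-free) absolute path of DIR.
resolve_dir() {
    (cd -- "$1" 2>/dev/null && pwd -P)
}

# check_cred_file FILE DOCROOT
#   0 = outside DOCROOT and readable by the owner only
#   1 = FILE or DOCROOT does not exist
#   2 = FILE lives in or below DOCROOT (reachable over HTTP if PHP is misconfigured)
#   3 = group or other permission bits are set (other shared-server users can read it)
check_cred_file() {
    file=$1
    docroot=$2
    [ -f "$file" ] || return 1
    root=$(resolve_dir "$docroot") || return 1
    dir=$(resolve_dir "$(dirname -- "$file")") || return 1

    # Compare resolved paths so a symlinked directory cannot hide the location.
    # The trailing slash keeps /srv/www from matching /srv/www-old.
    case "$dir/" in
        "$root"/*) return 2 ;;
    esac

    # Characters 5-10 of the ls mode string are the group and other bits;
    # mode 600 shows as -rw------- so they must all be dashes.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    [ "$perms" = "------" ] || return 3
    return 0
}
```

Run it after each deploy or restore, since archive extraction and editors that write a new file can silently reset the mode.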


#3

That generally does the trick. Plus, look at how many popular scripts just store it in a web directory–so you’re already off to a pretty good start by going above & beyond what they do.

If someone gets full access to your account, they’re going to get it anyway… but you have more problems at that point than just DB users & passwords.

